IPv6 Duplicate Address Detection

In this post I’ll take a closer look at IPv6 Duplicate Address Detection (aka ‘DAD’, which evidently bears all of types of jokes and wordplays). While the general mechanism should be roughly familiar to everybody working with IPv6 there are some interesting intricacies under the hood, some of which might even have operational implications. DADContinue reading “IPv6 Duplicate Address Detection”

A Holistic Look on SLAAC and DHCPv6

At first a very happy new year to all readers, and all the best for 2021! While I wrote a few posts about IPv6-related topics in the past ā€“ for many years here and later on the present blog ā€“ it seems I never contributed to the ‘classic SLAAC vs. DHCPv6’ debate, besides documenting theContinue reading “A Holistic Look on SLAAC and DHCPv6”

Notes from the UK IPv6 Council Annual Meeting 2020

Today the UK IPv6 Council held their annual meeting. These have been great events for many years (e.g. see 2019, 2018, 2017). Many thanks to Veronika McKillop and Tim Chown for organizing it! In the following I’ll discuss some of the talks (full agenda here). Colin Donohue & Ian Hallissy: The AIT Experience with IPv6Continue reading “Notes from the UK IPv6 Council Annual Meeting 2020”

Some Notes on Hardening IPv6 Stacks

Initially I wanted to start a long-planned post on “IPv6 Security Best Practices”, with a particular focus on enterprise environments, but then I realized I might need some ramp-up clarifications beforehand. First it might be helpful to understand that actual ‘IPv6 security measures’ in a given environment might heavily depend on the ‘deployment mode’. AsContinue reading “Some Notes on Hardening IPv6 Stacks”

A Quick Security Evaluation of IPv6

In my last post on “IPv6 Security on the Stack Level” I mentioned that the journey to a secure IPv6 environment might start with a properly secured stack which then would have to be followed by operational processes & tools. Accidentally I just re-read an old post on “Protocol Properties & Attack Vectors“, and I’dContinue reading “A Quick Security Evaluation of IPv6”

IPv6 Security on the Stack Level

A few weeks ago Scott Hogg, one of the smartest persons around in the field of IPv6 security, published a post titled “7 points your security team needs to know about IPv6 (but probably doesn’t)“. He listed ‘IPv6 needs to be secured from the onset, not retroactively’ as one of those. Given my own securityContinue reading “IPv6 Security on the Stack Level”

IPv6 Security & Capability Testing, Part 2

In this post I want to give an overview of IPv6 security testing efforts performed by various researchers in the past. As laid out in the first part of this series such testing can be considered one of the pillars of an overall IPv6 security strategy in complex environments. I will also try to developContinue reading “IPv6 Security & Capability Testing, Part 2”

IPv6 Security & Capability Testing, Part 1

Let’s be realistic about this: the advent of any new technology in a complex IT environment can lead to additional vulnerability exposure and hence to additional risk. Given the fundamental role of IP for practically all communication acts and all digital services in today’s organizations this is particularly true for IPv6. On the other handContinue reading “IPv6 Security & Capability Testing, Part 1”